Back to Projects

AWS SES Integration

Enterprise Email Routing with AWS SES

Cloud InfraFeaturedMay 2026
AWS SES Integration

Overview

This project implements a production-ready email infrastructure using AWS SES (Simple Email Service) with automated forwarding, auto-replies, and multi-domain support. The system handles incoming emails, stores them in S3, processes them via Lambda functions, and forwards them to designated inboxes while maintaining domain reputation and email authentication.

The goal is to provide enterprise-grade email routing with DKIM signing, SPF authentication, and serverless processing at minimal cost (~$3/month for 500 emails/day).

Stack

  • Terraform (Infrastructure as Code)

  • AWS SES (Email Service)

  • AWS Lambda (Email Processing)

  • Amazon S3 (Email Storage)

  • Route53 (DNS Management)

  • Node.js (Lambda Runtime)

Architecture

Client Sends Email
        ↓
   SES Receives (MX Record)
   ✓ Spam/Virus Check
   ✓ DKIM Verify
        ↓
   S3 Storage (Backup)
        ↓
   Lambda Function
   - Read from S3
   - Match domain
   - Forward email
   - Auto-reply
        ↓
   SES Sends
   FROM: matching domain
   TO: destination inbox
   ✓ DKIM Sign
   ✓ SPF Check
        ↓
   Destination Inbox
   ✓ mailed-by: your-domain.com
   ✓ signed-by: your-domain.com

Features

  • Multi-Domain Support: Handles multiple domains (domain1.com, domain2.com)

  • Email Authentication: DKIM signing and SPF records for deliverability

  • Custom MAIL FROM: Shows branded domain instead of amazonses.com

  • Auto-Forwarding: Routes emails to designated inbox automatically

  • Auto-Reply: Sends confirmation responses to senders

  • S3 Backup: All emails stored for audit and recovery

  • Spam Protection: Built-in virus and spam scanning

  • Serverless: Zero server management, automatic scaling

DNS Configuration

Required Records Per Domain

# 1. MX Record - Email Receiving
Type: MX
Name: @
Value: 10 inbound-smtp.us-east-1.amazonses.com

# 2. TXT Record - Domain Verification
Type: TXT
Name: _amazonses.yourdomain.com
Value: <verification-token>

# 3. DKIM CNAME Records (3 records)
Type: CNAME
Name: <token>._domainkey.yourdomain.com
Value: <token>.dkim.amazonses.com

# 4. Custom MAIL FROM MX
Type: MX
Name: mail.yourdomain.com
Value: 10 feedback-smtp.us-east-1.amazonses.com

# 5. SPF Record
Type: TXT
Name: mail.yourdomain.com
Value: v=spf1 include:amazonses.com ~all

Lambda Function Logic

// Main handler processes SES events
exports.handler = async (event) => {
  const { mail, receipt } = event.Records[0].ses;
  
  // Extract email metadata
  const metadata = extractEmailMetadata(mail);
  
  // Determine sender email based on recipient domain
  const senderEmail = determineSenderEmail(
    metadata.to, 
    config
  );
  
  // Parallel processing
  await Promise.allSettled([
    forwardEmail(metadata, config),
    sendAutoReply(metadata, config)
  ]);
  
  return { disposition: 'CONTINUE' };
};

Terraform Deployment

Initialize and Deploy

terraform init
terraform plan
terraform apply

Verify Configuration

# Check domain verification
aws ses get-identity-verification-attributes \
  --identities yourdomain.com --region us-east-1

# Check DKIM status
aws ses get-identity-dkim-attributes \
  --identities yourdomain.com --region us-east-1

# Check sending limits
aws ses get-send-quota --region us-east-1

# Test email sending
aws ses send-email \
  --from hi@yourdomain.com \
  --destination ToAddresses=test@example.com \
  --message Subject={Data="Test"},Body={Text={Data="Test"}} \
  --region us-east-1

Email Recipients Supported

hi@domain1.com
info@domain1.com
contact@domain1.com
hr@domain1.com

hi@domain2.com
contact@domain2.com

Result

  • ✅ Professional email infrastructure with custom domains

  • ✅ DKIM and SPF authentication passing

  • ✅ Automated email forwarding and replies

  • ✅ S3 backup for all incoming emails

  • ✅ Multi-domain support with domain matching

  • ✅ Fully serverless with automatic scaling

  • ✅ Cost-effective (~$3/month for 500 emails/day)

Key Points

  • Infrastructure fully automated with Terraform

  • DNS records managed via Route53

  • Lambda processes emails serverlessly

  • DKIM shows "signed-by: yourdomain.com"

  • Custom MAIL FROM shows "mailed-by: mail.yourdomain.com"

  • Production-ready with monitoring and logging

Final Note

This project demonstrates how to build a complete email infrastructure on AWS using modern serverless architecture and Infrastructure as Code principles.

It provides enterprise-grade email handling with proper authentication, automated processing, and high deliverability while maintaining minimal operational overhead and cost.

More Projects

Explore other projects from my portfolio

Serverless Infra

Serverless Infra

Automated Backend Provisioning with Terraform

Cloud Infra
Terraform Infra

Terraform Infra

Provision AWS Infrastructure with Code

Featured
Back to All Projects